Kon Boot disc

I found a couple of employees talking about it in the afternoon. Since it lets you override login on almost any Microsoft OS and Linux distro out there, I was wondering "how". I'm going through links on the site and will research on my own. But I wanted to know if anyone here was aware of this.

I've created this thread in malware since I suspect the disk to do something malicious and it works on most OSes out there. Feel free to move it around if required. Also, if an administrator feels this link is not appropriate, please remove it.

From what I read, it appears pretty straightforward. You insert kon-boot and have the machine boot into it. It mounts the OS on the drive and since you are already running as root on the disk, they can edit the machine however they see fit since it is now the ultimate authority on the computer. An easy way to stop this would be to lock down the boot order so that only admins can edit it.

I have been using this for quite some time. I heard about it on PaulDotCom. I have used it on several systems, and have had pretty good luck with it. It is nice when working on client machines, because you don't have to reset the password. You just bypass it, which saves you from having to explain their new password, and how to change it.

I haven't noticed any suspicious activity after using the disk. If nothing else, create a VM, run the iso as the boot device, and see if you notice anything.

"Those of us that had been up all night were in no mood for coffee and donuts, we wanted strong drink."

I was planning to do that but for some odd reason I can't extract the file. I don't know if anyone else has tried it. I've talked with a few guys and they said previous scans at VirusTotal have found the disk malicious.

Let me see. I'll put it up on the VM tonight.

@snuggles - Thanks for the suggestion mate. I have the BIOS locked down but I wanted to know how the disk works and if it is malicious. The reason I find it suspicious is that the ISO file is only a few hundred KB.

@ByTe - I have seen this disk recommended by some pretty big names in the security industry. It is written in assembly, so it is not going to be a huge program. It is probably flagged as malicious because it allows to change contents of a linux kernel (and now Windows kernel also!!!) on the fly (while booting).

It could definitely be used maliciously, but I don't think that was the author's intent.

Thanks guys. I appreciate it. I still haven't got time to test it on my own. I really want to try and find out if there is any trace it leaves on the system so that use of this CD can be traced or discovered.